My Writing
- Malware: 4 Steps to Combat Malware Enterprise-Wide: New Article
  Treating malware infections as independent events—cleaning up and moving on—doesn't keep pace with evolving attack tactics. Effective enterprise malware defense requires detecting propagation...
- Training: Developing Cybersecurity Skills Through Deliberate Practice
  Years of experience alone don't create expertise—improvement requires deliberate practice with immediate feedback and coaching. Security professionals should form peer relationships, identify...
- Networking: Web Application Firewalls (WAFs) Will Be Ubiquitous
  WAFs are following the adoption trajectory of traditional network firewalls—both mitigate risk when securing individual components is impractical. Network firewalls protected weakly-configured...
- Tools: How to Design Security Warning Messages to Protect Users
  Effective security warnings make the safest button most visible, stay brief while providing context, avoid technical jargon, and don't overwhelm users with repeated prompts. Microsoft's "Enable...
- Leadership: How to Achieve Work-Life Balance in Information Security?
- Communication: The Need to Deal with Internal Politics for Security Professionals
  Nearly half of security professionals report internal and political issues consume most of their time. Rather than viewing this as red tape preventing real work, accept that navigating organizational...